The Attorney-General's Department (AGD) has told a parliamentary inquiry it has not yet assessed the potential costs of implementing proposals around data retention, despite several estimates from industry that it could cost hundreds of millions.
Catherine Smith, assistant secretary, telecommunications and surveillance law branch at the AGD, told the Parliamentary Joint Committee on Intelligence and Security that it has not excluded any cost models but has come up with three possible models. These are government pays; industry pays; and sharing the cost, which she said is the current arrangement.
"One of the biggest challenges for us in the early works that we did in 2009, 2010 is that it is very difficult ... to get any quantification of what this would actually cost because some providers gave us figures that were [high] and other providers gave figures right down [low]. I think that was a lot about not really understanding what it would look like at that time," Smith said.
"Essentially, we haven't done any actual cost modelling or anything like that at this point in time, but we're open to what potential [costs] there would be."
Committee member Philip Ruddock questioned whether imposing costs on the industry could drive some companies out of business.
iiNet told the committee in September that a data retention scheme could cost the company $60 million to set up and that it would pass on the cost to customers, which would equate to around $5 extra per month.
The Communications Alliance and Australian Mobile Telecommunications Association have also estimated data retention could cost industry over $500 million.
Ruddock warned the AGD that it would need to consider the cost of any data retention scheme.
"We haven't got any quantification, although we could probably do that on the basis of what happens currently. A cost sharing arrangement has the benefit of concentrating everybody's mind on making sure that it's as efficient as possible..." said Roger Wilkins, secretary at the AGD.
"I'm not sure in the time available we'll be able to make submissions around that type of cost, but cost has been a consideration."
The AGD also confirmed that it had held meetings with the telecommunications industry in 2009 and 2010 around the possibility of establishing a data retention scheme.
While the department denied it had given members of industry a policy proposal around data retention, Smith said the department had passed on two documents, with one document just one page long.
Smith told the committee that ASIO, the AFP, the Australian Crime Commission, the Department of Broadband, Communications and the Digital Economy and possibly ACMA were all involved with the creation of the documents.
"Senator, we consulted [the industry] on what two years data retention would look like and what the implications could be on industry and the type of information that they could hold [and] the potential costs of it. There was no actual proposal put to them," Smith said.
Smith said the documents contained a "draft" of what data retention might entail but insisted the documents were not policy proposals.
The AGD also told the hearing that an internal taskforce was established by Wilkins in May 2010 to examine the Telecommunications Interception Act. Following around six months of meetings, a report was handed to Wilkins containing an analysis of failures of the Telecommunications Interception Act and how it could be changed.
"Why? Because it was clear ... that this was a fairly gothic piece of legislation, it was no longer usable [and] it had so many exceptions -- it was so complicated we needed to have a look at what had gone wrong. It needed to be thrown up in the air and probably some of the assumptions looked at and rewritten," Wilkins said.
While the taskforce was primarily composed of AGD staff, Wilkins said ASIO and the AFP were also asked to participate in the taskforce to provide technical knowledge.
Wilkins stated that while the taskforce looked at metadata, as it is already currently part of the Telecommunications Interception Act, the group did not examine data retention.
The AGD denied meetings with industry had any influence on the taskforce and its findings.
"It was a completely separate exercise. I think we met with industry in March 2010 and then this taskforce took over where we [were] heading," Smith said.
The Parliamentary Joint Committee on Intelligence and Security is currently conducting an inquiry into reforms to Australia's interception and security legislation.
The inquiry, which began in July this year, relates to the Telecommunications (Interception and Access) Act 1979; Telecommunications Act 1997; Australian Security Intelligence Organisation Act 1979; and Intelligence Services Act 2001.
One of the most contentious aspects of the terms of reference is "tailored data retention periods for up to two years for parts of a data set, with specific timeframes taking into account agency priorities and privacy and cost impacts".
However, Greens senator Scott Ludlam has said there are other issues in the federal government's proposals for intelligence and security reforms, besides data retention, which are "creepy".